PT-2016-7833 · Linux+5 · Linux Kernel+5

Baozeng Ding

·

Publicado

2016-06-26

·

Atualizado

2023-01-17

·

CVE-2016-9806

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.6.3
Description A race condition exists in the netlink dump function, allowing local users to cause a denial of service or possibly have other unspecified impacts by making sendmsg system calls with a crafted application. This leads to a double free operation associated with a new dump that started earlier than anticipated.
Recommendations For Linux kernel versions prior to 4.6.3, update to version 4.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the netlink dump function to minimize the risk of exploitation.

Correção

DoS

Race Condition

Double Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362CWE-415

Identificadores relacionados

ALT-PU-2016-1641
ALT-PU-2016-1642
CESA-2017_1842
CVE-2016-9806
OPENSUSE-SU-2017_0456-1
OPENSUSE-SU-2017_0458-1
RHSA-2017:1842
RHSA-2017:2077
RHSA-2017:2669
RHSA-2017_1842
RHSA-2017_2077
SUSE-SU-2017:0230-1
SUSE-SU-2017:0231-1
SUSE-SU-2017:0233-1
SUSE-SU-2017:0234-1
SUSE-SU-2017:0235-1
SUSE-SU-2017:0244-1
SUSE-SU-2017:0245-1
SUSE-SU-2017:0246-1
SUSE-SU-2017:0247-1
SUSE-SU-2017:0248-1
SUSE-SU-2017:0249-1
SUSE-SU-2017:0267-1
SUSE-SU-2017:0268-1
SUSE-SU-2017:0303-1
SUSE-SU-2017:0407-1
SUSE-SU-2017:0464-1
SUSE-SU-2017:0471-1
SUSE-SU-2017:0575-1
SUSE-SU-2017_0303-1
USN-3168-1
USN-3168-2

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu